ID CVE-2018-10936
Summary A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.0-801:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.0-801:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-901:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-901:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-902:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.1-902:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1000:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1000:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1001:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1001:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1002:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1002:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1003:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1003:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1004:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.2-1004:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1100:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1100:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1101:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1101:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1102:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1102:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1103:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.3-1103:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1200:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1200:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1201:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1201:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1202:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1202:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1203:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1203:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1204:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1204:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1205:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1205:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1206:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4-1206:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1207:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1207:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1208:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1208:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1209:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1209:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1210:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1210:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1211:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1211:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1212:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:9.4.1212:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 15-10-2020 - 13:28)
Impact:
Exploitability:
CWE CWE-297
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 105220
confirm
mlist [druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities
Last major update 15-10-2020 - 13:28
Published 30-08-2018 - 13:29
Last modified 15-10-2020 - 13:28
Back to Top